Expert Insight: What is SAP Security?

SAP security is the set of tools and processes that controls what users can access inside an SAP landscape. Your SAP hosting environment contains a great deal of confidential information (such as financial records) and sensitive procedures (such as paying inventory) that need to be protected. SAP security roles are used to restrict users, so that each has only as much access as they need to do their job. This decreases risks such as fraud, data breaches and compliance violations.

Expert Insight: Ben Uher, Client Manager of Security & Controls

How Does SAP Security Work with GRC?

GRC looks at what users can do and are doing in the system, then creates policies to remediate risks and meet regulatory compliance requirements. SAP security implements those policies on a day-to-day basis — for example, by provisioning new users and investigating signs that the system is not operating in accordance with GRC. GRC software helps both the GRC team and the SAP security team do their job more efficiently and effectively.

What is SAP Security vs. Cyber Security?

Cyber security services primarily protect organizations against external threats. A cyber security team will test and strengthen your IT landscape, and monitor it for evidence that hackers are attempting to gain access to (or are already inside) your system. For example, an IP address repeatedly scanning your network could be a hacker looking for vulnerabilities. A cyber security team will detect and investigate this behavior, and neutralize it if it appears to pose a threat.

SAP security is focused primarily on inside threats. It ensures users have a level of access appropriate to their role, and in compliance with the company’s SAP GRC program. For example, if someone has the ability to create vendors in the SAP landscape, they should not have the power to pay vendors as well, since they could use that power to create a spurious vendor and “pay” themselves. SAP security also monitors users and transactions for signs of potential fraud or noncompliance.
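The vendor example above is a segregation-of-duties (SoD) conflict. The following Python example is added here for illustration and is not Symmetry's or SAP's code: it resolves each user's roles to transaction codes and reports anyone who can both create and pay vendors, along with the roles that cause the conflict. The role names, users and rule ID are constructed, and the check is simplified to transaction-code level (real SAP authorization checks also depend on authorization objects).

```python
# Constructed sample data: role names, users and rule IDs are hypothetical.
# Transaction codes are standard SAP ones (XK01/FK01 create vendor,
# F110 payment run, F-53 post outgoing payment, XK03/FBL1N display only).
ROLE_TCODES = {
    "Z_AP_VENDOR_MAINT": {"XK01", "XK02", "FK01"},
    "Z_AP_PAYMENTS": {"F110", "F-53"},
    "Z_AP_DISPLAY": {"XK03", "FBL1N"},
}
USER_ROLES = {
    "ASMITH": ["Z_AP_VENDOR_MAINT", "Z_AP_DISPLAY"],
    "BJONES": ["Z_AP_PAYMENTS"],
    "CLEE": ["Z_AP_VENDOR_MAINT", "Z_AP_PAYMENTS"],
}
# A business function is granted by any of its tcodes;
# an SoD risk is a pair of functions one user must not hold together.
FUNCTIONS = {
    "create_vendor": {"XK01", "FK01"},
    "pay_vendor": {"F110", "F-53"},
}
RISKS = {"R_VENDOR_CREATE_PAY": ("create_vendor", "pay_vendor")}


def grants(roles, function):
    """Return {role: [tcodes]} for each role that grants the function."""
    out = {}
    for role in roles:
        hit = ROLE_TCODES.get(role, set()) & FUNCTIONS[function]
        if hit:
            out[role] = sorted(hit)
    return out


def find_sod_violations(user_roles=USER_ROLES):
    """List (user, risk_id, left_grants, right_grants) for conflicting users."""
    violations = []
    for user, roles in sorted(user_roles.items()):
        for risk_id, (left, right) in RISKS.items():
            left_hit, right_hit = grants(roles, left), grants(roles, right)
            if left_hit and right_hit:
                violations.append((user, risk_id, left_hit, right_hit))
    return violations


if __name__ == "__main__":
    for user, risk, create, pay in find_sod_violations():
        print(f"{user}: {risk} create via {create}, pay via {pay}")
```

Reporting the contributing roles shows which assignment to remove or split to clear the conflict.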

Although they’re separate, SAP security and cyber security are interdependent. For example, if SAP security permits a user to have too much access, it increases the damage a hacker can do by compromising that user’s account. Similarly, a user’s suspicious behavior might raise SAP security flags, but it could actually be a sign that a hacker has compromised their account. Organizations benefit from an integrated security and compliance model that addresses insider, outsider and regulatory risks.

How Can Managed Security Services Help?

Organizations face a huge range of SAP security risks, cyber security vulnerabilities and regulatory requirements. Addressing these challenges requires a diverse and highly trained team of IT security and compliance professionals. Most enterprises struggle just to successfully remediate poor audit findings, and only the largest can field an internal team capable of constructing and maintaining an adequate GRC program, much less providing continuous monitoring and incident response.

Working with a complete security and compliance partner like Symmetry provides superior protection and risk mitigation while controlling costs. We can audit your current business practices, revamp your security model to reduce internal and external risks, bring you into full compliance, and provide around-the-clock incident detection and mitigation.

Alternatively, we can work in a support role, such as by providing SAP security training or around-the-clock incident detection and response to help your IT team. Whether you’re looking for occasional support, or someone to handle all of your security and compliance needs, Symmetry is there.

Read our Security Complete PlusGRC solution brief to learn how Symmetry can take the weight of security and compliance off your shoulders.

Ben Uher manages the SAP Security and Controls Practice at Symmetry, where he leads a team of permanent consultants in delivering SAP Security and GRC offerings to global organizations. His deep knowledge of everything SAP Security and GRC related comes from the opportunity to work with over 150 organizations running SAP throughout various cycles of their implementations. Variation in industry, sector and size has provided a breadth of opportunity and experience in almost every facet of SAP technology, spanning HANA, Fiori, ERP, BW/BI, HCM and SCM, among others. Most importantly, Ben is driven by results and continually strives to provide exceptional support for the organizations that rely on him and his team as trusted advisers for SAP Security and GRC support.